All right, guys. Just want to talk a little bit about how to have some fun with your own
little pen test army. So as you can see, by the way, this title, I social engineered myself,
so I'm very proud of that. I social engineered myself the title of hacker in residence at
the University of Redacted. All right. So what does this talk about anyway?
I'm going to talk a little bit about doing hacking and forensics with some small, low
power devices. It turns out that the devices I'm using are ARM‑based devices in the Beagle
Board family. And what I've done is pretty much made my own custom Linux distro, which
I call the deck.
And the deck is essentially all of the good stuff out of BackTrack and none of the bullshit
fluff, all right, you know, the stuff that people haven't used in years. I didn't port
that stuff. I ported everything else. All right. I'll talk very briefly about porting
stuff to a new platform. I don't want to focus on that too much. A lot of the stuff I want
to talk about today, it's in the slides mostly just so that it's in the slides. It's on your
DVD. You can look it up later. Ask me questions, whatever. I also want to talk about how you
can perform some coordinated attacks with your little army of pen‑testing minions.
So who am I anyway? I'm a prof at University of Redacted. I'm a hacker in residence somewhere
in the Midwest. I've been programming since I was 8 years old, been hacking hardware since
I was 12. Also been known to fly some planes, build some planes and just have a lot of fun.
What I'm going to talk about is, you know, choosing a platform that was appropriate,
selecting kind of a starting point, a base OS, building a base system, and then the easy
part, getting some tools out of repositories and such for a little ARM‑based device. I'll also talk about the harder part where you
can't get things out of a repository. How do you go about building stuff for a little
ARM‑based device. And then I'll move into networking with 802.15.4 or XBee networks
and talk to you guys about that. Talk about how you can build your own stuff. I'll have
some demonstrations. I'm a copywriter, I apologize. I'll have a screen shot of all of them.
As we all know, live demos are never a good idea, especially in a crowd this size.
But I will be available later if you guys want to get touchy-feely with some of this
stuff and play with it. Talk about attack networks and some future directions.
Okay. So picking a platform. This is my criteria. I wanted something that was small, something
that was low power, something I could afford. I don't make much at University of Redacted.
Something that was mature, had good networking support, good community support, had some
nice input and output options. And the winning platform, I kind of gave this away, was the
BeagleBoard family of devices. In particular, I started out doing this with the BeagleBoard
XM, which is a desktop replacement device. And, you know, have moved to having something that
runs as well on the BeagleBone and the new BeagleBone Black. I'll talk a little bit more
about that in a bit. Pretty cheap stuff. BeagleBoard XM, $149. And the BeagleBone Black lists
for $45. And you can actually buy it for less than this price, unlike some other devices
out there.
Half a gig of RAM. Networking. USB, DVI output, all that good stuff.
So here's a little picture of the BeagleBoard XM. This is stolen off of the BeagleBoard
website. It gives you some of the specs. You can see it's 3.25 inches square. Pretty small.
And here's the other device that you would be more likely to use if you are starting today. This is the BeagleBone Black, also known as the
Raspberry Pi Killer. This came out in late April. It lists for $45. I've spent an average
of $42 on the ones that I've purchased and it's a nice piece of hardware.
I know at least somebody that's going to say, why didn't you use the Pi? Here's why I didn't
use the Pi. The Pi is not near as powerful. It doesn't run Ubuntu. It's got some ancient ARM
architecture that nobody supports, including Canonical. It's not as mature in terms of
the platform. The BeagleBone, the original one, has been out longer than the Pi. And
there's no real cost savings, if any. Usually I think if you try to implement this stuff
with the Pi, you would probably spend more money, not less money.
Okay.
Even now, it's not easy to go buy 50 Pis. In this country, at least. And a lot of people
have had some problems with some flaky boards. Also, even though they're not as powerful
as the BeagleBone Black, they consume about 50% more power. I've talked to a lot of people
about their experience with the Pi and I hear a couple of stories a lot. I hear the I never
got it to work.
Because I had to go download, you know, Raspbian and, you know, that stuff just never worked.
So that's one story I hear a lot. And I also hear the it worked really great for about
two weeks and then the flaky power circuits failed. And then the other I think maybe slightly
more common story I hear is, yeah, I want to do something really cool and then it wasn't
powerful enough. But it can flash LEDs. It's really cool.
It's like blinked those LEDs. All right. Well, I think I'm doing something a little
bit more than blinking LEDs. You can judge for yourselves here coming up.
All right. So now that I've selected a device, it's time to select a base OS to start with.
Well, again, unlike the Pi, if you buy a BeagleBone, it actually comes with an OS and
you can plug it in and it runs. They even give you a power cable for the board. So,
boom. It's amazing. You don't have to buy extra stuff. So it comes with this thing
called Angstrom Linux that most people have never heard of unless you like to do embedded
Linux stuff. It's not a bad distro. It's optimized for the hardware. But for our purposes,
it's not the best. You know, the guys that made this initially weren't all pen testers.
They didn't say, hey, I want to run these security tools on my little board because,
recently, nobody was doing that. So I chose Ubuntu. You know, Ubuntu is available.
As you all probably know, BackTrack was based on Ubuntu. A lot of support in the community
for Ubuntu. Good repositories and all that. All right. So now that I have an OS that I've
picked, it's time to go about installing it. All right. So on the Beagles, I'm going to
show you how to do it. On the BeagleBone Black in particular, it has 2 gig of internal storage,
which isn't quite enough for me. The image for the deck is over 6 gigabytes. So I have
just a few tools in there. You know, I forgot, though, I should have put a little program
in there to blink LEDs, but I didn't do it. I apologize. You're welcome to submit that
to me. Maybe I'll add it. But so what you want to do is you get a micro SD card. You
create an image. And if you're going with Ubuntu, you go to Canonical. You can get
their images. Or there's a guy named Robert C. Nelson. I think this guy just writes stuff
for embedded devices all day. I chose to use his branch of Ubuntu because it's nicely
optimized. It's updated a lot. And you can find some good instructions on how to do this
stuff at the link provided if you want to do so.
So now I've got a device. I've got a starting point. I've ported some of the tools or I'm
getting ready to port some of the tools. So what's the easiest thing? Well, I want
this tool. apt-get install, and pray. Right? And a lot of times you get lucky. Sometimes
you don't get quite that lucky.
So it's great. You know, a lot of people like Ubuntu. And so a lot of times if you
can't get that to work, you can at least get a deb file. And you can use dpkg to install
it. And when in case of a deb file, what I found is, you know, if you're running something
that's based on an interpreted language like Perl, Python, Ruby, et cetera, it tends to
work pretty well, kind of out of the box. And if it's a C‑based program, you're going
to have to build stuff. If you have the appropriate libraries, you're probably okay as well.
Now sometimes you actually have to build stuff. Now in my experience, this was roughly ten
percent of the time. So 90 percent of the time I either did an apt-get install and
it worked or I got some deb files and maybe played around a little bit and it worked.
So a couple times you actually have to build this stuff. Right? So if you've got to build
this stuff, you have to make a decision. You have to say, do I want to build it on
my Beagle or do I want to build it on my hex core desktop with gobs and gobs of RAM?
If you build it on the Beagle, it has the advantage of being pretty straightforward,
has a disadvantage of possibly being a little bit slow if it's a big program. So of course
you can cross‑compile. It's a little bit more complicated. But you can take advantage
of your heavier stuff.
Your computing power. All right. So if you're going to go with the native compile, it's
pretty basic. Do a sudo apt-get install build-essential, singular, not plural. I don't
know why, but that's the way it is. And you're pretty much on your way. You download
your code, do the standard stuff and you build it. Something to keep in mind, if you happen
to be using the BeagleBoard XM, be aware that if you're SSHing in there and you're
using DHCP, every time you do that, you're going to get a little bit of an error. You
reboot the machine. It gives you a new MAC address, so you tend to get a new IP address.
So if you're wondering, hey, why did that move yesterday? Well, just don't ever turn
it off. You'll be fine. All right. I'm not going to cover this in detail. I just want
to include this in the slides. But cross‑compiling, the most simple way to cross‑compile something,
you download a tool chain. And you kind of do the standard thing. You go get your source
code, and then you do your configure, make, make install, and then in this case you move
files over. The only difference is if you look at the configure line, you'll see that
it says configure, and then there's a dash, dash, host equals arm blah, blah, blah, blah.
All that is telling the compiler is, hey, guess what? I'm not building for whatever
I'm running on, whatever machine I'm running on, and that architecture I want to compile
for the other architecture.
Other than that, it's pretty much the same as building source code for your own machine.
You can build a little bit more fancy, and you can start using Eclipse. And there's
some good instructions on how to do that online. And you can get really, really fancy
and enable remote debugging. All right. And I refer you to Jan Axelson. He's going to
give you a tutorial that has a link to that at the bottom of the page. If you have questions
about this stuff, ask me later. Okay. So now we have a device. We select
a device. We got an OS. We ported all of our tools over. Now let's talk about networking.
How many of you are familiar with 802.15.4 networking? All right. Like maybe ten
of you. It's not a lot. All right.
It's also sometimes called XBee networking. Sometimes you might hear about ZigBee networking,
which technically is built on top of XBee. But just going to give you a nice brief overview
of what it is, talk about some of the hardware, some simple cases where you just have two
XBee radios, and then some slightly harder cases working up to the really hard stuff
where you're actually doing true mesh networking. All right.
So typically you'll find these XBee adapters in industrial settings when people are doing
stuff with low power embedded devices. They like to use XBees. And the XBees have many
different forms, and they usually come in two flavors. They have the basic ones and
the regular ones that have a range, you know, of one to 300 feet, depending on the situation.
And then we have the pro adapters, which have a range of up to a mile. They have two different
modes of operation. They have what we call AT mode, which for some of the older among
us, you might recognize AT commands. It's from these things called modems. Some of you
are like, I heard about those ones. It's fairly low speed, about 250K. And it supports a lot
of different topologies.
Peer to peer networks, star networks, and mesh networks. And these are made by a company
called Digi. They're up in Minnesota. And they have their regular and pro formats. They're
interchangeable and interoperable. All right? So I can have a network where part of my network
is running the regular adapters and part of them are running the pro adapters. And that
works. All right? They interoperate just fine.
One thing that's kind of a pain in the butt working with these devices, they use a two
millimeter spacing, right? Not the standard 2.54 millimeter or tenth of an inch spacing.
So you probably have to get some sort of an adapter. A lot of different antenna options.
When you're buying these things, be careful to buy compatible adapters. You'll see series
one adapters. And series two adapters sometimes referred to as ZB adapters.
You can interoperate regular and pro, but you cannot interoperate series one and series
two together. They're not compatible. So buy all of the same kind.
So if you get these little XBee modules and you want to configure them, pretty much what
you can do is if you have a USB adapter, it's usually the most easy way of doing this, you'll
do it. You can put this in its adapter, plug it into your computer, and they provide some
software you can run. And you set up different things. So you configure each of these modems.
You give it a baud rate. Tell it what kind of device it should be if it's a series two
device. You set the channel. And you also set something called a PAN ID. You can choose
something great like maybe, I don't know, 1337.
Probably wouldn't go with the defaults, but you can change it. And you pick a destination
low address and high address. And it's pretty simple. I'll talk about the different modes
that it will operate in. And you just write this information to your modem. Then you label
it with a piece of tape or something so you don't get them all confused because they all
look the same.
And go forth and do some XBee networking.
So what's the absolute simplest thing to do?
You have one drone and you just want to remote control it.
So I might have one little drone device with an XBee Pro and I want to sit maybe with my
little lunch box.
My lunch box, of course, has a little computer in it running the deck.
Why is it Buzz Lightyear?
I'm going to hack you to infinity and beyond with it, buddy.
All right.
So you ‑‑ by default, these XBee adapters are meant to run in what's called transparent
mode.
And basically what it does is if you set up the addresses properly so that two of these are pointing at each other, it makes a wireless serial port.
So stuff just goes back and forth using the normal serial port protocols.
And you can do this and then set up your drone to use TTY, which, again, some of you will
be like, what's that?
Something that people used in the old days to like telnet into stuff, right?
So it's pretty simple.
There's a lot of information on how you set that stuff up.
And you can do it.
That's one way you can go.
Now you can go and do the same sort of thing and have multiple drones.
And all you need to do is make sure that each of those drones is having a destination
address of your command center.
And they don't really know about each other.
For them, they think that it's exclusive.
It's like they're all Tiger Woods girlfriends or something.
I don't know.
I think that it's just them.
They don't know about the rest.
And it's pretty simple.
You don't have to do any programming.
And you can just use the AT commands.
So how does that work?
You open up your favorite terminal program.
If you want to change something, all you have to do is hit plus three times, wait a little
bit, and it will say okay.
And then you can give it a command, such as this command that says, hey, change the
destination low address so that I can talk to this person.
And then I can go and write those things to my modem and off I go.
I can also use an API mode, which is what I would personally recommend.
The nice thing about API mode is that things are sent in packets and it's a lot better
performance and error correction and all that good stuff.
By the way, a little tip.
If you didn't configure all your modems to use API mode and you're standing there and
you're going, it says it's receiving, why isn't it doing anything?
And you're thinking, it's my Python scripting, it's my Python scripting.
It's probably just that you misconfigured the modem.
So there are different ways you can talk to these modems.
You can use Java.
There's a Java protocol and a library for that.
There's a Python library, which I use.
Or if you want to kick start.
Kick it old school.
Just send those raw commands yourself.
You can do that.
And I recommend that you use API mode if you've got more than just one drone.
So you can also go to multiple drones.
Again, this is technically not really mesh networking at this point.
It's really point to multipoint.
And you set up this peer‑to‑peer connection and you get better performance and all that.
So it's a good thing.
All right.
Now one possibility you can do is what I did.
You can write some simple Python scripts so you can create a command center and then have
all of your drones sit there and just wait, wait for commands on the XBee.
Wait for commands to come over the XBee ‑‑ it's not a line, I guess, or a wire, but virtual
wire.
One downside of going this way versus the TTY route is you can't run an interactive
program, at least not yet, the way that I've done my scripting.
But it does work pretty well.
So you can send commands, you can get responses.
There's also a facility in there to get announcements.
So I might say, hey, you drone over here, please crack this Wi‑Fi network.
And then when it's done, it sends me a big announcement.
It's like, hey, Phil, guess what?
The password was password one.
So all the code for all this stuff I'm talking about today is available out on my website.
But I'll give you some of the highlights.
All right.
Now if you really need to do the true mesh networking, you can do it.
One thing that's cool about this method is that you don't have to change anything.
There's no changes in your scripts.
It all just works.
You can take out your series one modules, put in series two modules, and really it's
a matter of just configuring them correctly before you plug them into your drones.
Something to keep in mind, though, if, for example, you set up a device as a router,
routers are not allowed to go to sleep because routers that don't respond are bad.
End devices are allowed to sleep.
You can save them battery power.
All right.
So what's the simplest case, again, let's back up a little bit.
We selected a device, got our OS, got all of our tools, and figured out how to do the
networking thing.
Well, the simplest case, you just have one drone.
And you set it up, and you can have from a distance, you know.
What's the advantage of this?
It's running 24‑7.
You're not suspiciously sitting in the parking lot with a big antenna in your van, that's like
what have they been doing? Oh, that's the famous FBI van number 6, right?
Little story on that. Last weekend I was at Maker Faire up in Detroit and I was running
some of this stuff and someone came up to my booth and goes, oh, look, there's FBI van
number 6 right here. I'm like, dude, I know it's you. What do you mean? I'm like, dude,
you're six inches from my receiver. And you're the strongest signal. So I'm pretty sure you're
FBI van number 6. Anyway, so, you know, you can lounge by the pool at the hotel down the
street. Especially if you go someplace like Vegas, it's kind of hot here, right? You want
to sit by the pool or whatever and you can hack away.
Other things you can do, you could have multiple drones.
Okay.
And you can interact with each of the drones and use your imagination. Now, again, I want
to reiterate, one of the big pluses, I mean, can you get things like a Pwn Plug and use
that? Of course you can't. However, you know, the nice thing about these guys, they're cheap
and every one of them has a full copy of the deck. So they each have 6 gig worth of security
tools. So you don't have to go, oh, I wish I had this. You know, it's on there. Pretty
much all there. And you know, again, you can retask drones as they complete different
objectives and such.
All right. So let's talk a little bit about building some hardware. So you want to build
some accessories. So this picture here is of a very simple power supply. So the
first thing you want to do is power this up. You can see the scale. It's pretty small.
It's next to an SD card. So you want to power your drones. I'm not doing anything real fancy
here. I'm using a 7805 linear power regulator and a couple of capacitors in order to smooth
stuff up and a battery or two. A word on batteries. Now, I just showed you a picture with a 9
volt battery clip and that works great and 9 volts are nice because they're compact,
but it's not real efficient. For one thing, I'm dropping from 9 volts to 5, so I'm wasting
a lot of energy and that all goes to heat. And also, 9 volt batteries don't have a very
good energy density when you compare them to things like this.
D cells and stuff like that. So something to keep in mind.
Other things to keep in mind when it comes to power, you can have a BeagleBone Black
running full blast, all right, running 100% CPU, and it uses about a watt, like 1.1 watts
or so of power. It's not a lot. How much do you think the Raspberry Pi does?
It's over 2. And it does less. But it doesn't matter because all you can do is blink LEDs
and they're pretty efficient. It's all good. But one thing to keep in mind when you're
using your mesh networks, they do use power, the transmitters, so don't just sit there
and transmit constantly, make use of things like sleep modes and such.
All right. So some power options. Here we've got a couple
of power options. USB cable. Different power adapters. And then on the right‑hand side
you can see some of the battery‑based adapters. So we've got one with two 9‑volt clips so
you can hot swap them if they start to fail on you. And then another one with some double
A batteries. All right. 802.15.4 hardware looks kind of like this. Here I've just made
some simple adapters.
It's four wires that you have to solder. Here's the same thing in a little case. By the way,
some people asked me about this one. It doesn't look like an XBee. In order to get it in my
little case, I had to put the XBee upside down. That's why you don't see an antenna or anything.
So you probably need an adapter for your XBee. And, again, you can get two kinds of adapters.
You can get a UART or serial adapter. You can also get a USB adapter. You're probably going to want at least one of these in order
to hook it up to your PC and to program it. And you don't have to solder or anything.
So if you're connecting it to your Beagles, if you bought the USB adapter, there's nothing
to do. Just plug it in. If you have the UART adapter, you have to solder the four wires.
You can find more details about that if you look into my slides. And then you have to
tell the Beagle, hey, this is what I'm using these pins for.
A little note on that. The older BeagleBone, the BeagleBone White used an older kernel
version and there was a way of doing this stuff. You just have a couple of echo commands
that are shown here. The new BeagleBone Black uses a 3.8 kernel and they dramatically changed
how that stuff works.
I don't have time to go into the details on that. But, you know, have a look at my
blog and I'm hoping when I get home to have a nice detailed article on that.
All right. Other hardware. Capes or if you're familiar with Arduino, shields or capes in
the BeagleBone world. Something that I'm working on right now, I've actually been approached
by some folks because some people don't like to solder, which is cool.
I like to solder. But we're working on developing a cape that will have an XBee socket, a network
switch so you can inline it, and a USB hub in case you need some more USB. And possibly
regular Wi‑Fi, 802.11 Wi‑Fi and maybe an optional battery pack. So that's something
that might be coming out. Other things in terms of hardware, you have to have a cool
container for your stuff. You see I have one right here. I'm going to go ahead and show
you. I have my GI Joe black packs, my Buzz Lightyear lunch box. If you look in the lunch
box, it looks kind of like this. You know, I've got a touch screen. I've got my Beagle
on the back of it, USB hub, network hub, keyboard, mouse, all that good stuff.
All right. This is just an example of minus the cape that's still in development, how
could you make a planable, you know, get a USB power cable.
Get a network hub. Plug someone's network into your hub. Plug your power into their
USB port and you're on their network until they clean under their desk. Which happens
a lot, right? You go to these offices, people are cleaning under their desk like every day
or every five years, it seems like. So pretty cool. All right. There we go. Other things
you can do. This is just showing
you the same hardware in another format. Okay. So for the rest of the time I want to just
real quick show you what kinds of things can you do with this platform, starting with what
can you do with just one of these devices and then what can you do if you take a couple
of devices, put it together. All right. So here's the first demo. Some of you might recognize
the motivational music as last year's DEF CON CD. Run it on my lunch box. Run an Nmap
network. And sure enough, I see ‑‑ I don't know how visible. It's kind of visible.
I tried to highlight some stuff and it's like, oh, there's something running on port 445,
which tells me it's probably what kind of a box? Windows. Our favorite target. And port
445 means let's try our favorite exploit. What's our favorite exploit in the whole world?
08-067, right? It's at every con.
So sure enough, here I am running Metasploit and successfully getting a shell on a Windows
XP box. You Raspberry Pi people, go blink your LEDs. I'm running Metasploit. Okay. But
your LEDs are cool. I'm not dissing your LEDs, okay? All right. So that's something
you can do. What other kind of things can you do? How about crack a little Wi‑Fi? Run
up Aircrack.
Do a little scanning. See what's out there. Find someone to attack. Yeah, this guy's got
a great password. Password one. It is. All right. So, you know, crack a couple network
passwords. Of course, we like to crack passwords in general. Run up Hydra. This is Hydra running
against a router. And you can see that ‑‑
This guy is not even that good. He went with straight‑up password. Couldn't do the one.
All right. Well, maybe people have stuff a little better, right? But how many of you
like to use WPS cracking? What's your favorite tool for that? Reaver, right?
By the way, a little tip. Some of those cheap routers, when you untick the box for WPS,
it's still on. So you might want to call out Reaver and check and make sure it's actually
turned off. All right. So here is just a little run with Reaver. And after a bit of
time, sure enough, boom, I got the password which was, oh, password one again.
All right. I call this pwning Windows 7 like it's a Mac. All right? And some of you might say
it should be pwning Windows 7 like a boss. Yeah, kind of. But about a year and a couple
months ago there was this big vulnerability that came out. I remember some of you were
like 400,000 Macs, or maybe it was more than that, infected. And all the PCs went, uh‑huh.
All of us did. But so, you know, the Macs had a problem, right, with Java. And then
you got these smug Mac users who are like, see, I could never get infected. And it's
like, well, you did. Well, then you got all the victorious Windows people, right? They're
like, well, see, I told you. Guess what? They had the same vulnerability. So, again, I just
load up Metasploit. And, again, this is all running.
And then a little Beagle. I might even flash some LEDs on the side. So sure enough, bam,
you know, here you go. I've got a shell at a little Windows 7 box from University of
Redacted. Don't ‑‑ pretend you can't read what it says there. All right. And the
final solo demo ‑‑
The final solo demo is doing what I call being a click kiddie. Some of you are probably familiar
with the term script kiddie. Aaron and myself, we came up with a new term, a click kiddie.
A click kiddie is someone that's not even a script kiddie. So they can only use GUIs.
They can only use things like Armitage. And Fern Wi‑Fi Cracker, which came out last
year. It's a nice little tool. If you're not familiar
with it, it's basically point and click pwnage for Wi‑Fi. You pull it up and it says, oh,
I see these networks. Which one shall I attack? And then it tells you when it's done. So it's
pretty basic. It's kind of neat. All right. Enough of that. Let's talk a little
bit about bringing in multiple drones. So, again, if you take the trivial case where
you're using TTY mode and a couple of drones, you can go in to your terminal program and
you can connect to one. If you want to switch, again, you just do the plus, plus, plus. Give
it some commands. And then start switching to the other. It's sort of legible, I guess.
But I'm actually running drone ‑‑ two drones here in this example. And I'm sending
commands to both. So if you want to use the Python scripting, I've done something extremely
fancy. All right?
I have a little command console in one window. And you can send it commands and you can switch
which drone you're sending commands to and get announcements in that window as well.
And then I have all of the responses I capture to a file. And I use this extremely sophisticated
tool to display that file. It's called tail -f. So basically here you can see this is my command
console.
I just have a really simple API. All right? It will say, hey, what command do you want
to send to this drone? And if you say colon and a number and nothing else in the line,
it switches to another drone. So here's just some basic output. And it will tell you, hey,
this is what I've ‑‑ what I've sent to this drone and this is what I got back. Pretty
basic stuff. All right? This is just giving you an idea. There's nothing
really awesome in the scripts that I wrote here or anything like that.
Okay. So some future directions. I'm going to continue to try to add some useful stuff.
You know, I started on this work about a year and a half ago after DEF CON last year.
I actually added some packages. The basic ‑‑ the very first version of the deck came out
in September of last year. So between DEF CON and that time I actually did this. So
some of that stuff. And optimizing some packages, looking at some other output options, possibly
exploiting some USB on the go functionality. Some of you may have done some work with the
Teensy. Any of you use the Teensy? No? A couple of you? Done a little bit of HID hacking,
you set up your little keyboard and enter some commands. Well, that's with a 20 megahertz
8‑bit processor. I got a gigahertz 32‑bit ARM processor. I can really push some commands
out to you and do some serious logic. The other thing I'm working on right now,
it's my next big thing, is literally making this platform fly. Hoping to have this done
for GrrCON in September.
But basically, I'm going to be working on this for a couple of weeks. Basically, I am going to install this platform inside
of an aerial drone that's capable of vertical take‑offs and landings so you can fly by
a target, do initial recon with it, take the sucker, land it on the roof, hack them,
and then fly away. And there are different scenarios there, too. You could potentially
use a ‑‑ you could set up your XBee in the GERCON.
You could set up your GERCON as a drone as a router and then maybe pepper the lower
powered drones around the building, in the building, wherever you can. So that's something
I'm working on. The other thing is, you know, maybe you don't want to hack from down the
street, so why don't you hack from across the world. And there's this beautiful thing
called an XBee gateway device. I have a couple of these at my office. And so what you do,
is you make sure the gateway is in the range of your drones, and then you can take your
gateway, possibly hook up to someone's free Internet at their cafe, plug it in somewhere,
and you could be over in Australia doing this pen test. It doesn't matter.
And as I said before, I'm working on developing some pen test capes, and also right now I'm
currently working on it. I didn't quite have it finished probably in the next couple weeks.
If you look at my website again, it will probably be up there. I want to be able to send simple
files across the XBee. So, for example, if I want to send a new script to be run, I just
want to be able to send that over to the XBee.
And not have to bother with things like SSH and all that good stuff.
Here's some references that you can look at. And if there's any questions, there was going
to be the Q&A lounge which went away. So I'm going to recommend that if you have any questions,
come see me at the Chill Out Lounge later. I'll bring my little toys. And you can have
a look. And I think we're just about out of time. Do we have like three minutes? One
question.
Does anyone have ‑‑ I think we have time for maybe one question. If not, I'll head
that way.
I do not currently secure them. I could. There is support in the 802.15.4 spec for encryption.
I'm just not bothering to use it.
Because, honestly, one of the advantages of 802.15.4 is it's essentially out of band
for most people. You know, if you use regular 802.11 networks, people are like, hey, what's
this rogue network? But if you're using 802.15.4, it's on different channels. People have no
idea that's going on. But, yeah, you could easily do that. I just don't because I'm lazy
and it takes a little performance hit.
Okay.
Thank you.
Bye everyone.
